That -Pn option means nothing, it only treats the host as online in case it can't detect it. It makes no difference whether the port will be reported as opened and closed. At least that's how I understand it from the nmap options.

You also asked about loading the rules at boot. Usually you would do it by create a text file, for example /etc/iptables.rules and then loading this file on boot by adding a command in /etc/network/interfaces.

For example, in the eth0 section (group of commands), you will add:
post-up iptables-restore < /etc/iptables.rules

That will flush the iptables and load the rules from the file specified immediately after the eth0 interface is brought online.

The /etc/iptables.rules file is little bit simpler than the script Doug posted, like:
Code:
*nat
<any rules you want for the nat chain
ignore this part if you don't need nat rules>
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
...continue with all your other rules...
COMMIT
In the *filter section you first set the default policies, and then start adding rules. Don't forget to also add rules about ssh if you plan to manage the server over the network. In that case, especially if you are on the same internal network all the time, you can specify to let you in only from your private IP.

Lets say your desktop has the 192.168.1.100 address (you better make it static, not dynamic). Then it would be like:
-A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT

That will allow ssh only from your desktop, for additional security.